Threat Hunting with Splunk: Hands-on Tutorials for the Active Hunter

Security Ryan Kovar

At Splunk, you may hear us pontificating on our ponies about how awesome and easy it is to use Splunk to hunt for threats.

Why, all you need to do is use X and Y with Splunk to find a Z score (no zombies were injured) and BOOM! That baddie in your network is detected.

Going back to at least a decade, we’ve tried to make it easy — as you’ll see in the resources below — and yet threat hunting is about as easy as telling someone how easy it is to draw an owl. (Hint: it isn’t.) So, that’s why we started writing this series in 2017.

Today, we are doubling-down on our threat hunting capabilities. That's why we're updating this series, one article at a time, verifying that each tutorial is the best resource for some aspect of hunting, all using Splunk.

Show me the tutorials!

Want to learn more about threat hunting in general? Keep reading for more information about hunting and the team behind this series, SURGe.

Threat Hunting resources

So, let's make it clear, this entire series is about using Splunk for your threat hunting activities.

Here's some brand new and forever-favorite resources, too, that are about threat hunting with or without Splunk:

Meet the team

The team behind this series is SURGe, an in-house security research team at Splunk. The SURGe team focuses on in-depth analysis of the latest cybersecurity news and finding answers to security problems. All of this is delivered to you in a variety of forms:

Check out all these resources from SURGe and sign up for rapid response alerts.

And now, onto the hunting tutorials!

Tutorials for threat hunting with Splunk

This series will serve as your foundation for hunting with Splunk. (Brand new to Splunk? Explore our SIEM solution, Splunk Enterprise Security: Learn about Splunk ES | Tour Splunk ES)

Each of these articles take a single Splunk search command or hunting concept and break it down to its basic parts. We will help you create a solid base of Splunk knowledge that you can then use in your own environment to hunt for evil. We will cover everything from hypothesis generation to IDS. Splunk commands like stats, eval and lookups will be examined. And have we got queries for you!

As always, happy hunting!

Related Articles

Hunting with SA-Investigator & Splunk Enterprise Security (SIEM)
Security
4 Minute Read

Hunting with SA-Investigator & Splunk Enterprise Security (SIEM)

Discover how Splunk Enterprise Security and the SA-Investigator add-on empower analysts to streamline threat hunting and incident response. Learn how to pivot across assets, identities, and processes for deep-dive investigations and actionable insights. Happy hunting!
Exploring AI for Vulnerability Investigation and Prioritisation
Security
5 Minute Read

Exploring AI for Vulnerability Investigation and Prioritisation

Splunker James Hodgkinson explains how AI-driven tools can revolutionize vulnerability investigation and prioritization.
What Splunk Experience Day Thailand Revealed About the Future of Resilience
Security
7 Minute Read

What Splunk Experience Day Thailand Revealed About the Future of Resilience

Organisations are investing heavily in AI and digital transformation, but many are still working out how to prepare their people for the pace of change that comes with it.